BI.ZONE Bug Bounty connects organizations and independent

[tanjimajuha20]

The Ministry of Digital Development, Communications and Mass Media has launched a project to search for vulnerabilities on Gosuslugi and other e-government resources - bug bounty. This is a public program to search for vulnerabilities for a reward. It allows you to attract independent researchers and make the system more secure. The program will take place in several stages. At the first, independent researchers will check the Gosuslugi portal and the Unified Identification and Authentication System. At the next stages, the list of resources will be expanded, and the conditions will be updated. For successful work, bug hunters can receive up to 1 million rubles. The reward depends on the degree of vulnerability. Low - gifts with project symbols, average - up to 50 thousand rubles, high - from 50 thousand to 200 thousand rubles, critical - up to 1 million rubles and gratitude from the Ministry of Digital Development. The program is sponsored by Rostelecom. Rostelecom refrained from commenting, the Ministry of Digital Development did not provide additional comments.

Testing is available on the uk cell phone number list BI.ZONE and Positive Technologies platforms. "The idea of ​​the bug bounty and the initiative of the department itself are aimed at popularizing cybersecurity, as well as attracting the attention of the public sector and private companies to this vulnerability search mechanism. For bug hunters, the Ministry of Digital Development program is an opportunity to prove themselves in the first state bug bounty project that concerns the entire country, and not a separate company," commented Evgeny Voloshin, Director of the Security Analysis and Anti-Fraud Department, Director of Strategy at BI.ZONE.

security researchers. On the platform, companies host vulnerability search programs in which bug hunters participate.

State Duma deputy from the United Russia faction Alexander Khinshtein wrote in a Telegram channel: "This is a format when so-called ethical ("white") hackers test systems with a guaranteed reward for finding a vulnerability. Since the beginning of the SVO, unprecedented cyberattacks on the country's IT infrastructure have been recorded. These include government websites, government services, and companies that make up the digital circuit. Thank God, the attackers were unable to "hack" or "take down" a single government service, but we cannot be complacent. "Gosuslugi" have become a tasty morsel for our opponents and the cyber troops of other countries. As part of the Bug Bounty program, "white" hackers who find a vulnerability on the "Gosuslugi" website (EPGU) will receive 1 million rubles from Rostelecom. Here, it is also necessary to think about legislatively enshrining the rights of "white" hackers. We understand that this work is not entirely legal, but if it goes to "If it is in the interests of the state, then exemption from liability should be provided," the deputy believes.